All Networks Need Security
Security is very important. The Internet is a wonderful tool. Meteoric growth like that of Cisco from nowhere to a multi-billion dollar company in a decade would not be possible without leveraging the tools available with the internet and intranet.
But without well defined security, the Internet can be a dangerous place. The good news is that the tools are available to make the Internet a safe place for your business. Some people think that only large sites are hacked. In reality, even small company sites are hacked.
There’s a false impression from many small company owners that, “Hey, who would want to break into my company? I’m a nobody.
I’m not a big corporation like IBM or the Pentagon or something like that, so why would somebody want to break into my company?”
The reality is that even small companies are hacked into very, very often.
Why Security?
Why network security? There’s three primary reasons to explore network security.
– One is policy vulnerabilities.
– Another one, configuration vulnerabilities.
– Lastly, there’s technology vulnerabilities.
And the bottom line is there are people that are willing and eager to take advantage of these vulnerabilities.
Security Threats
So these are some of the different things that we need to protect against:
Loss of privacy: Without encryption, every message sent may be read by an unauthorized party. This is probably the largest inhibitor of business-to-business communications today.
Impersonation: You must also be careful to protect your identity on the Internet. Many security systems today rely on IP addresses to uniquely identify users. Unfortunately this system is quite easy to fool and has led to numerous break-ins.
Denial of service:And you must ensure that your systems are available. Over the last several years, attackers have found deficiencies in the TCP/IP protocol suite that allows them to arbitrarily cause computer systems to crash.
Loss of integrity:Even for data that is not confidential, one must still take measures to ensure data integrity. For example, if you were able to securely identify yourself to the your bank using digital certificates, you would still want to ensure that the transaction itself is not modified in some way, such as by changing the amount of the deposit.
Security Objective: Balance Business Needs with Risks
Objectives for security need to balance the risks of providing access with the need to protect network resources. Creating a security policy involves evaluating the risks, defining what’s valuable, and determining whom you can trust. The security policy plays three roles to help you specify what must be done to secure company assets.
-It specifies what is being protected and why, and the responsibility for that protection.
-It provides grounds for interpreting and resolving conflicts in implementation, without listing specific threats, machines, or individuals. A well-designed policy does not change much over time.
-It addresses scalability issues
Employees expect access but an enterprise requires security. It is important to plan with scalability and deployment of layered technologies in mind. Security policies that inhibit productivity may be too restrictive.